As a Security-as-a-Service Agency, we get the benefit of seeing cybersecurity trends across industries. One of the hardest things we see clients tackling is deciding what to focus on. Should you tackle new hacks, the talent crunch, the meat-and-potatoes basics or the latest technologies?
Deciding what to work on next, what has tangible ROI, is hard work. We wanted to lend a hand, so here are three trends you can make actionable today.
1. Security assessment requests
Today we see more and more companies requiring a security assessment. A security assessment helps you better understand your business’s current security posture and identify security gaps and risks. But it is not just about your organization. We see more companies wanting to assess the security of their third-party vendors, just as they want to look at financial data. Think of it like a supply chain of security that asks, “Is this vendor going to get breached, and will it impact me?”
Taking action today starts by answering how to assess your own business, which framework to choose, and how security is measured. In regulated industries, the security framework is often already dictated – think banking and FFIEC. In a non-regulated industry, you might want to select the NIST core framework, ISO 27001/2 or CIS Security Controls. The assessment will identify potential areas for improvement so that you can be better prepared to enhance your security posture.
Once you undertake a security assessment, how will you report on it? How can you prove you are improving your security posture and demonstrate this to auditors? If this is your first or even third attempt at answering these questions, consider asking for help from people who do it daily.
2. More audits with consistent reporting
Another trend we see is the increase in audits. Whereas auditing was previously lax, we see new enforcement rules causing more audits, particularly in the financial industry. Not only are audits being dictated by regulations, but we also see an increase in insurance driving the requirement. Auto insurance looks at your driving record; cybersecurity insurance wants to see that you’re keeping your breach record clean.
Regular and consistent reporting on security improvements can help you take action to be audit-ready. Consider how you report today and ask if it’s consistent. If not, you may need some help to become audit-ready, and that help doesn’t need to be cost-prohibitive.
3. There’s no more perimeter security
As you move to the cloud and need to support mobile workers with different devices, your traditional perimeter no longer exists. You don’t have a network to lock down; instead, you have people and devices connecting from anywhere to your cloud or co-location data center. This shift requires a more data-centric approach to security. Traditional firewalls and intrusion detection systems will likely become extinct as they no longer work in our perimeterless world.
How can you take action today? First, understand what data you store and where it is located. Create policies for who can access different categories of data. Start to monitor the usage of the data itself and not just the usage of the network infrastructure. People will be the weak link in the puzzle, so they need help with this transition and support to ensure you are secure.
These three trends are changing how we all need to work to secure our environments.
We know experienced resources are a challenge, and we know there are ever-changing and increasing threats. But cybersecurity doesn’t need to be exhausting. It’s about taking one step at a time. As a Cybersecurity Agency, Cygilant believes everyone deserves to be secure.
Let’s talk to explore how we can help you achieve enterprise-class security.